Adversarial attacks on Faster R-CNN object detector
文献类型:期刊论文
| 作者 | Wang, Yutong2,3 ; Wang, Kunfeng1; Zhu, Zhanxing4; Wang, Fei-Yue2
|
| 刊名 | NEUROCOMPUTING
 |
| 出版日期 | 2020-03-21 |
| 卷号 | 382页码:87-95 |
| ISSN号 | 0925-2312 |
| 关键词 | Adversarial attack Object detection White-box attack Black-box attack |
| DOI | 10.1016/j.neucom.2019.11.051 |
| 通讯作者 | Wang, Kunfeng(wangkf@mail.buct.edu.cn) |
| 英文摘要 | Adversarial attacks have stimulated research interests in the field of deep learning security. However, most of existing adversarial attack methods are developed on classification. In this paper, we use Projected Gradient Descent (PGD), the strongest first-order attack method on classification, to produce adversarial examples on the total loss of Faster R-CNN object detector. Compared with the state-of-the-art Dense Adversary Generation (DAG) method, our attack is more efficient and more powerful in both white-box and black-box attack settings, and is applicable in a variety of neural network architectures. On Pascal VOC2007, under white-box attack, DAG has 5.92% mAP on Faster R-CNN with VGG16 backbone using 41.42 iterations on average, while our method achieves 0.90% using only 4 iterations. We also analyze the difference of attacks between classification and detection, and find that in addition to misclassification, adversarial examples on detection also lead to mis-localization. Besides, we validate the adversarial effectiveness of both Region Proposal Network (RPN) and Fast R-CNN loss, the components of the total loss. Our research will provide inspiration for further efforts in adversarial attacks on other vision tasks. (C) 2019 Elsevier B.V. All rights reserved. |
| 资助项目 | National Key R&D Program of China[2018YFC1704400] ; National Natural Science Foundation of China[U1811463] |
| WOS研究方向 | Computer Science |
| 语种 | 英语 |
| 出版者 | ELSEVIER |
| WOS记录号 | WOS:000512881200010 |
| 资助机构 | National Key R&D Program of China ; National Natural Science Foundation of China |
| 源URL | [http://ir.ia.ac.cn/handle/173211/28588]  |
| 专题 | 自动化研究所_复杂系统管理与控制国家重点实验室_先进控制与自动化团队 |
| 通讯作者 | Wang, Kunfeng |
| 作者单位 | 1.Beijing Univ Chem Technol, Coll Informat Sci & Technol, Beijing 100029, Peoples R China 2.Chinese Acad Sci, Inst Automat, State Key Lab Management & Control Complex Syst, Beijing 100190, Peoples R China 3.Univ Chinese Acad Sci, Beijing, Peoples R China 4.Peking Univ, Sch Math Sci, Beijing 100871, Peoples R China |
| 推荐引用方式 GB/T 7714 | Wang, Yutong,Wang, Kunfeng,Zhu, Zhanxing,et al. Adversarial attacks on Faster R-CNN object detector[J]. NEUROCOMPUTING,2020,382:87-95. |
| APA | Wang, Yutong,Wang, Kunfeng,Zhu, Zhanxing,&Wang, Fei-Yue.(2020).Adversarial attacks on Faster R-CNN object detector.NEUROCOMPUTING,382,87-95. |
| MLA | Wang, Yutong,et al."Adversarial attacks on Faster R-CNN object detector".NEUROCOMPUTING 382(2020):87-95. |
入库方式: OAI收割
来源:自动化研究所
浏览0
下载0
收藏0
其他版本
除非特别说明,本系统中所有内容都受版权保护,并保留所有权利。